
A case of resolving an sshd startup failure on Linux

Author: eygle | When reposting, please credit the article and author with a hyperlink and include this notice.

Today a Redhat Linux AS4 machine ran into a problem: ssh could not connect.

Checking the log (the /var/log/secure file) showed the following errors:

sshd[3862]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
sshd[3862]: fatal: Cannot bind any address.
sshd[3879]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
sshd[3879]: fatal: Cannot bind any address.

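The messages show that port 22 is already in use and the bind failed.

Similar cases can be found online, and the usual explanation is a conflict between IPv4 and IPv6 at startup.
The /etc/ssh/sshd_config file contains the following settings:

ListenAddress 0.0.0.0
ListenAddress ::

Here 0.0.0.0 is the IPv4 address and :: is the IPv6 notation. If the IPv4 address binds port 22 first, the subsequent bind fails. The usual advice is to comment out the second line if IPv6 is not in use.

Our problem was not that simple, however, because by default both of these lines were already commented out.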

Check the ports and services open on the system:

[root@cmjp1 ~]# nmap -sT -O localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-11-15 14:00 CST
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Interesting ports on cmjp1.hurray.com.cn (127.0.0.1):
(The 1655 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
873/tcp open rsync
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Gentoo 1.2 linux (Kernel 2.4.19-gentoo-rc5), Linux 2.4.20,
Linux 2.4.20 - 2.4.22 w/grsecurity.org patch, Linux 2.5.25 - 2.6.3 or Gentoo 1.2
Linux 2.4.19 rc1-rc7)
Uptime 0.089 days (since Wed Nov 15 11:52:15 2006)

Nmap run completed -- 1 IP address (1 host up) scanned in 2.199 seconds

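Port 22 is shown as open, yet clients cannot connect over the ssh protocol.

Another symptom observed on the same system: even when ssh is used as a client to reach a remote host, the connection fails: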

[root@cmjp ~]# ssh root@172.16.33.130
The authenticity of host '172.16.33.130 (172.16.33.130)' can't be established.
RSA key fingerprint is 20:7c:8e:15:19:f7:e7:0c:5d:ce:6f:1c:c6:de:f2:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.33.130' (RSA) to the list of known hosts.
root@172.16.33.130's password:
Segmentation fault

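A segmentation fault usually means the application itself has a problem that leads to an invalid pointer access. Reinstalling the sshd program finally resolved the issue.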

-The End-

By eygle on 2006-11-15 13:49 | Comments (2) | Posted to Unix&Linux


    Comments (2)

    Use netstat -tnlp to check whether it is sshd that opened port 22

    Posted by: aiirii at April 6, 2007 9:35 AM

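    For most servers that report this, it is purely a configuration issue; turning off the IPv6 listener is enough. But being unable to connect to the remote server should be related to a corrupted application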

    #cat /etc/ssh/sshd_config
    ......
    #Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    ......
    #service sshd restart
    #cat /var/log/secure
    ......
    Dec 3 11:10:19 localhost sshd[25953]: Server listening on :: port 22.
    Dec 3 11:10:19 localhost sshd[25953]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
    ......

    After changing the configuration:

    #cat /etc/ssh/sshd_config
    ......
    Port 22
    #Protocol 2,1
    ListenAddress 0.0.0.0
    #ListenAddress ::
    ......

    #service sshd restart
    #cat /var/log/secure
    ......
    Dec 3 11:10:43 localhost sshd[25968]: Server listening on 0.0.0.0 port 22.
    ......


    Posted by: 1288893 at December 3, 2007 10:57 AM
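
The article's log and the second comment's log show two different outcomes behind the same "Address already in use" line. The following is an added example, not code from the original post or its comments: it groups /var/log/secure lines by sshd PID and reports whether that sshd instance ended up listening. The timestamps on the first two sample lines and the verdict strings are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the /var/log/secure format quoted on this page.
SAMPLE = """\
Nov 15 13:40:01 cmjp1 sshd[3862]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Nov 15 13:40:01 cmjp1 sshd[3862]: fatal: Cannot bind any address.
Dec  3 11:10:19 localhost sshd[25953]: Server listening on :: port 22.
Dec  3 11:10:19 localhost sshd[25953]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Dec  3 11:10:43 localhost sshd[25968]: Server listening on 0.0.0.0 port 22.
"""

LINE = re.compile(r"sshd\[(\d+)\]: (.*)$")
LISTEN = re.compile(r"Server listening on (\S+) port (\d+)\.")
BIND_FAIL = re.compile(r"error: Bind to port (\d+) on (\S+) failed: Address already in use")

def classify(log_text):
    """Return {pid: verdict} for every sshd start attempt seen in log_text."""
    events = defaultdict(lambda: {"listen": [], "failed": [], "fatal": False})
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        if (lm := LISTEN.match(msg)):
            events[pid]["listen"].append(lm.group(1))
        elif (bm := BIND_FAIL.match(msg)):
            events[pid]["failed"].append(bm.group(2))
        elif msg.startswith("fatal: Cannot bind any address"):
            events[pid]["fatal"] = True
    verdicts = {}
    for pid, e in events.items():
        if e["fatal"] or (e["failed"] and not e["listen"]):
            # No socket was opened: the port is held elsewhere; check with netstat -tnlp.
            verdicts[pid] = "not-running: port held by another process"
        elif e["failed"] and "::" in e["listen"]:
            # On Linux a :: socket without IPV6_V6ONLY also covers IPv4.
            verdicts[pid] = "running: dual-stack :: socket blocks 0.0.0.0"
        elif e["failed"]:
            verdicts[pid] = "running: partial bind"
        else:
            verdicts[pid] = "running: all binds succeeded"
    return verdicts

if __name__ == "__main__":
    for pid, verdict in classify(SAMPLE).items():
        print(pid, verdict)
```

Only the first verdict means sshd failed to start; the dual-stack case is the harmless one described in the second comment.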
